hello,
could anyone help me with understanding extreme ware access lists ???
There is a case, that a single IP address should be locked on a physical
port (hosting purpose).
There is a host (.3) and gateway (.1)
create access-mask ip_addr_mask ip-protocol dest-ip / 32 source-ip / 32
ports precedence 2000
create access-list test-list ip_addr_mask dest-ip 172.20.0.3/32
source-ip 172.20.0.1/32 deny
ERROR: ACL: Entry test-list has fields that does not match with the
fields of access-mask ip_addr_mask.
ERROR: ACL: Cannot add rule test-list (reason: validation failed).
What is wrong ?
Regards,
Marcin
Book example looks like that:
create access-mask ip_addr_mask ip-protocol dest-ip/32 source-ip/32
ports precedence 20000
create access-list tcp1_2 ip_addr_mask ip-protocol tcp dest-ip
10.10.20.100/32
source-ip 10.10.10.100/32 ports 2 permit qp1
create access-list tcp2_1 ip_addr_mask ip-protocol tcp dest-ip
10.10.10.100/32
source-ip 10.10.20.100/32 ports 10 permit qp1
_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp
could anyone help me with understanding extreme ware access lists ???
There is a case, that a single IP address should be locked on a physical
port (hosting purpose).
There is a host (.3) and gateway (.1)
create access-mask ip_addr_mask ip-protocol dest-ip / 32 source-ip / 32
ports precedence 2000
create access-list test-list ip_addr_mask dest-ip 172.20.0.3/32
source-ip 172.20.0.1/32 deny
ERROR: ACL: Entry test-list has fields that does not match with the
fields of access-mask ip_addr_mask.
ERROR: ACL: Cannot add rule test-list (reason: validation failed).
What is wrong ?
Regards,
Marcin
Book example looks like that:
create access-mask ip_addr_mask ip-protocol dest-ip/32 source-ip/32
ports precedence 20000
create access-list tcp1_2 ip_addr_mask ip-protocol tcp dest-ip
10.10.20.100/32
source-ip 10.10.10.100/32 ports 2 permit qp1
create access-list tcp2_1 ip_addr_mask ip-protocol tcp dest-ip
10.10.10.100/32
source-ip 10.10.20.100/32 ports 10 permit qp1
_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp